Vulnerabilities > Offshorewebmaster

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-30	CVE-2023-48744	Cross-Site Request Forgery (CSRF) vulnerability in Offshorewebmaster Availability Calendar Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6. network low complexity offshorewebmaster CWE-352	8.8
2021-09-20	CVE-2021-24604	Unspecified vulnerability in Offshorewebmaster Availability Calendar The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed network low complexity offshorewebmaster	4.8
2021-09-20	CVE-2021-24606	SQL Injection vulnerability in Offshorewebmaster Availability Calendar The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+ network low complexity offshorewebmaster CWE-89	8.8

Vulnerabilities > Offshorewebmaster {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Offshorewebmaster"}]}